CAPITAL MASTER PLAN (CMP) PROGRESS REPORT 2014
I. INTRODUCTION
-
The fifty-first session of the Assemblies of the Member States of WIPO in September 2013 endorsed the principles under which projects are included in the Organization’s Capital Master Plan (CMP), and approved funding for a total estimated amount of 11.2 million Swiss francs from available reserves for seven projects (document A/51/1672).
-
As part of efforts to streamline reporting across the Organization, the Capital Master Plan (CMP) Progress Report 2014 is being included as an annex to the PPR 2014. This report is the second progress report submitted to the PBC and provides Member States with an overview of progress, milestones reached and resource utilization during the period January to December 2014 under the following projects:
-
ICT-Related Projects
-
Security Enhancement: Data Encryption and User Management (CMP 1)
-
Enterprise Content Management (ECM) Implementation (CMP 2)
-
Buildings-Related Projects
-
Renovation of the facades and cooling/heating installation of the PCT Building (CMP 3)
-
Deployment of Geneva Lake water ("GLN") cooling system to AB and PCT Buildings (CMP 4)
-
Arpad Bogsch Building – phase 1 of basement renovation (resizing of data center and renovation of the printshop) (CMP 5)
-
Arpad Bogsch Building – replacement of certain windows (CMP 6)
-
Safety/Security-Related Projects
-
Safety and Fire Protection Measures (CMP 7)
II. APPROVED GOVERNANCE STRUCTURE
-
In line with industry best practice for project management, a governance framework for the CMP was implemented in 2014 to: (i) define the structures and processes for the management and monitoring of the activities of the projects towards the achievement of objectives, and (ii) ensure that responsibility and accountability are clearly delineated and communicated.
-
The PBC, at the twenty-second session in September 2014, took note of the governance structure set up to manage, oversee and report on the implementation of the portfolio of CMP projects (document WO/PBC/22/2173).
ICT-RELATED PROJECTS
PROJECT: SECURITY ENHANCEMENT: DATA ENCRYPTION AND USER MANAGEMENT (CMP 1)
Project Manager Mr. R. LANE
EXPECTED RESULT
IX.1 Effective, efficient, quality and customer-oriented support services both to internal clients and to external stakeholders
-
Implementing data encryption and user management would enhance WIPO's ability to respond to increasing information security threats, while allowing more cost-effective sourcing options to be considered and increasing number of user access rights to be comprehensively managed.
OBJECTIVES, SCOPE AND APPROACH- BACKGROUND
-
This project serves three primary objectives – protecting the essential data, enabling more cost-effective sourcing options, and holistically managing user access rights.
-
WIPO has already taken multifaceted approaches in protecting confidential information. These approaches include traditional perimeter defense mechanisms, security information and event management system, intrusion detection and prevention etc. However, in response to increasingly sophisticated security threats, information security best practices have now also put emphasis on protecting the source directly.
-
In addition, having cost-effective sourcing options available is a necessity in today's world of information technology management, which expects diversified and rapidly changing competencies on the one hand and the ability to quickly mobilize the workforce in response to changing business priorities on the other. However, the increase of sourcing options also brings the increase of information security exposures.
-
Enterprise data encryption technologies can provide effective solutions in response to these two challenges. Such solutions complement other information security measures by encrypting the data source. They also allow more flexibility in choosing cost-effective service providers by keeping the encryption under tight control while enabling the service providers to perform their support functions.
-
Effective access rights management further compliments the investments in enterprise data encryption solutions. Traditionally, access rights management is focused on systems. That is, given a system, it should be clear who has access to what. This mechanism can be effective when number of users and software applications are relatively small.
-
However, it is expected that, as WIPO continues to enhance its online services, the number of users will steadily increase in the coming years. Investments are needed for solutions that focus the access rights management on users. That is, given a user, it should be clear what access rights the user has across the entire spectrum of the systems.
-
In the future, technologies may become even more mature to manage access rights according to users’ roles within and across complex systems, such as ERP. At present, it is difficult to forecast where and how such technologies will evolve. Therefore this has not been included as part of the scope of this project.
OVERVIEW OF PROGRESS IN 2014 (KEY MILESTONES)
-
This project was put on hold during 2014 due to the launch of the IT Platform Segregation and Resilience (ITSR) project, which has significant impact on the business requirements for, and the selection/implementation of the required solutions for, both Enterprise Encryption and User Management.
RESOURCE UTILIZATION
Project Budget Utilization
(In Swiss francs, as at December 31, 2014)
Project Name
|
Project Budget
|
Actual Expenditure to Date
|
Actual Budget Utilization
|
Implementation Progress Rate of the Project
|
Security enhancement: data encryption and user management
|
700,000
|
0
|
0%
|
-
|
ICT-RELATED PROJECTS
Share with your friends: |